A well-planned directory infrastructure can grow as your business does

Once your Windows network grows beyond a dozen or so computers – or even before that, if you want extra security and centralized management – you'll need to deploy Active Directory. The directory infrastructure that you build in the beginning can see you through the growth of your business from a tiny SOHO to a large enterprise, if you plan for scalability right from the start.

Designing a directory services infrastructure for your
Windows network can seem like an overwhelming task. If your business is small,
it may seem logical to go with the simplest design possible, but if there’s
anything more time consuming and complex than developing a brand new Active
Directory design, it’s trying to redesign an existing infrastructure that wasn’t
developed with growth in mind.

The good news is that a well-planned directory
infrastructure can easily grow as your business does, even accommodating
acquisitions and mergers, without ever having to tear it down and start over.
That’s why it’s important to take the time to learn best design practices and
build scalability into your directory infrastructure from the beginning.

Active Directory: Born to scale

The Active Directory is a hierarchical database that
contains all of the important information about users, and computer and other
network resources. Its structure allows you to locate, manage, and apply
security mechanisms and other policies to selected objects in a centralized
manner. Active Directory is based on the Lightweight Directory Access Protocol
(LDAP) and ISO/ITU X.500 standards, making it easier to interoperate with, and migrate information to and from, other LDAP-compliant
directory services.

Tips in your inbox

TechRepublic’s free Strategies that Scale newsletter, delivered each Tuesday, covers topics such as how to structure purchasing, when to outsource, negotiating software licensing or SLAs, and budgeting for growth.

Automatically sign up today!

As your organization grows, you may need to develop your own
proprietary software applications. Using the Active Directory Services
Interface (ADSI) API, your programmers can create software that works with
Active Directory and other LDAP-compliant directories. You can also use the
Directory Services Markup Language (DSML) to create an environment where XML-based
applications can work with the Active Directory and use its information.

Active Directory structural components

If you’re creating your Active Directory infrastructure from
scratch, you have the opportunity to maximize scalability and flexibility.
There are two components involved in planning your directory structure:

Logical
structure
Physical
structure

The logical structure consists of objects (files, folders,
computers, users, printers, etc.) that are organized within containers (objects
in which you can place other objects, including organizational units, domains,
domain trees, and forests). The physical structure consists of sites, which are
groups of computers or IP subnets that are connected via a high speed link.
Sites contain computers.

The logical and physical structures don’t necessarily
correspond. One domain can span multiple sites and one site can contain more
than one domain. It’s important to note that you can apply group policy objects
based on either logical or physical structure. That is, you can apply a policy
to a logical unit such as a domain or organizational unite (OU), or to a
physical unit (a site).

Designing for scalability

An important consideration in designing a scalable directory
structure is the namespace. Every directory object has a unique name, and
Active Directory uses standard naming conventions to describe and locate
objects within the directory. Active Directory uses the Domain Name System
(DNS) to resolve names. This is the same system used on the Internet to resolve
computer names to IP addresses. DNS names are hierarchical, like the directory
structure.

In planning a namespace, you should consider how your
company is structured, and also how it is likely to be structured in the future
as it grows. A small company may very well start with a single domain, but as
the organization grows, you may find it useful to divide the network into
multiple domains because a domain forms a security and administrative barrier.

The first domain is often named for the company. For
example, if your company is named Acme Inc., your first domain might be
Acme.com. You might then create “child” domains under it based on
departmental divisions or geographic locations. The name of the child domain is
prefaced to the name of the parent domain, so you end up with child domains
called Finance.Acme.com and Sales.Acme.com representing different departments
(or perhaps Altanta.Acme.com and Dallas.Acme.com representing branch offices).

The important part is to create a namespace that logically
divides the network and makes each part easily identifiable. The first domain
you create becomes the “root” of the domain tree (which consists of
all the domains with a common namespace).

Growing the directory structure

You can easily add and delete domains if the structure of
your organization undergoes changes. If your company merges with another, you
can create a separate domain tree by creating a new root domain with a
different namespace (for example, Zeta.com). These two domain trees can be part
of the same Active Directory forest, which means there will be a trust relationship
between the root domains of each tree. Because Active Directory trusts are
transitive, users in one domain tree will be able to access resources in the
other tree (as long as their user accounts have been assigned the appropriate
permissions to do so).

It is also possible, as your organization grows even larger,
to create a multiple-forest environment. This would be necessary if you have
separate autonomous divisions that don’t want to share the same schema (which
defines directory objects and attributes) and the same Global Catalog (which
contains a searchable representation of all objects in the directory).

Active Directory domains can scale to hold millions of
objects. Of course, a domain with a large number of objects can become
unwieldy, but you can further divide and organize groups of objects within a
domain by creating OUs. You can even nest OUs inside other OUs, and you can
apply policies and delegate administrative responsibilities at the OU level for
very granular control. Policies and user rights are inherited by nested OUs from the OUs in which they
reside.

An important part of Active Directory’s scalability lies in
the ability to replicate directory information between domain controllers at
different sites across wide area networking links. This keeps the directory
information up to date across the entire network and makes it available to all
users, no matter where they are physically located.

Thus, if planned properly, your Active Directory structure
should be able to grow with you as your company expands from a small business
to a multi-site enterprise. For more detailed information about planning and
deploying Active Directory, see Microsoft’s
Active Directory Collection on the TechNet web site.

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

Payroll

The Best Human Resources Payroll Software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

A computer running Windows 11. — Image: Microsoft.

Software

Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

A software engineer works from home. — Image: tanatat/Adobe Stock

CXO

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Project management process to manage and develop with resources to deliver quality product, agile development cycle, businessman project manager balance on clock juggling project management elements. — Image: Nuthawut/Adobe Stock

Software

The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

A user typing a password. — Image: Song_about_summer/Adobe Stock

Security

1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

PURPOSE Finding a back-end developer with programming and technical expertise as well as superior collaboration and communication skills will require a comprehensive recruitment strategy. This Hiring Kit from TechRepublic Premium provides an adjustable framework your business can use to find, recruit and ultimately hire the right person for the job. From the hiring kit: TYPICAL ...

PURPOSE Application engineers need to have technical expertise in programming, design, business and the software and hardware required to run the application. This Hiring Kit from TechRepublic Premium provides an adjustable framework your business can use to find, recruit and ultimately hire the right person for the job. From the hiring kit: DETERMINING FACTORS, DESIRABLE ...

A well-planned directory infrastructure can grow as your business does